Provision two new Gitea repos for the LiteLLM dynamic secrets work: the
Vault/OpenBao secrets-engine plugin and its companion Terraform provider.
- Add config/.../repository/vault-plugin-secrets-litellm.yaml
- Add config/.../repository/terraform-provider-litellm.yaml
- Default branch main, squash-only merging (allow_* flags, since the
go-gitea/gitea provider has no default_merge_style), and branch protection
on main requiring pre-commit/build/test checks with Owners approval
- Remove woodpecker_repository module and provider (repos managed outside TF)
- Add removed block with destroy=false to drop state without destroying
- Add module.team to branch_protection depends_on to prevent race condition
- Add lifecycle ignore_changes for team permission (provider bug: API returns
"none" but rejects it on write)
- Add forgebot team with unkinben and benvin members
- Enable branch protection on main for forgebot and forgebot-skills
- Team-based approval and merge whitelists
- Register both repos with Woodpecker CI
- CI status checks: pre-commit, test, build (forgebot); validate (skills)
- forgebot: branch protection on main with pre-commit, test, build CI checks
- forgebot-skills: branch protection on main with validate CI check
- Both repos enabled for Woodpecker CI
Manage Gitea resources via Terraform/Terragrunt with YAML-driven config.
Resources managed:
- Organisation (unkin)
- 28 repositories with settings
- 6 teams with members
- 13 branch protection rules
- 9 Woodpecker CI repo activations
- Deploy key module (ready, no keys yet)
Config structure: config/<service>/<org>/<type>/<object>.yaml
Consul backend for state, Vault for auth tokens.